bundle_certs

    nimrod authored
    Also, update pre-commit hooks.
    43c2ced2

    bundle-certs

    A shell script to bundle SSL certificates in the correct order. The use case envisioned is programmatically handling SSL certificate renewal.

    Installation

    This script can be used in 2 ways. The 1st is copying it to /usr/local/bin/bundle_certs, marking it as executable and calling the script. The 2nd is copying the file to somewhere under your home directory and sourcing it in your shell's rc file (like .bashrc, .kshrc etc.). With the 2nd way you gain a few shell functions for handling SSL certificates (listed below).

    Requirements

    For regular use:

    • A POSIX compatible shell.
    • OpenSSL.
    • AWK.

    For testing/ development purposes, all of the above, plus:

    Usage

    Call the script/function with the list of certificates you want to order, for example:

    bundle_certs *.crt > bundle.crt

    The output bundle does NOT include the root (CA) certificate.

    Shell functions

    • subject_hash: Returns OpenSSL's hash of the cert's subject.
    • issuer_hash: Returns OpenSSL's hash of the cert's issuer.
    • find_root_cert: Returns the filename of the (first) root (self-signed) certificate among the filenames passed as parameters.
    • find_cert_by_issuer_hash: Gets a hash and a list of filenames, returns the filename of the certificate with that issuer hash. Ignores self-signed (root CA) certificates.
    • unbudle_cert: Gets a filename, creates a directory named certs which contains all of the individual certs in the file (the files are named by their subject hash).
    • bundle_certs: See Usage section above.
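
A check a renewal job can run on the resulting bundle, written as an added example (not code from this repository): it uses the same OpenSSL subject and issuer hashes described above to confirm that each certificate is followed by its issuer and that no self-signed root is present. The function names, the temporary file layout and the demo certificate names are assumptions made for the example.

```shell
#!/bin/sh
# Added example; check_bundle_order and make_demo_chain are hypothetical
# names, not functions shipped with bundle_certs.

# Exit 0 if the bundle runs leaf -> intermediates and holds no root,
# 1 on an ordering or self-signed violation, 2 if nothing could be parsed.
check_bundle_order() (
    bundle=$1
    tmp=$(mktemp -d) || exit 2
    # Split the bundle into one numbered file per certificate.
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = sprintf("%s/%03d.pem", dir, n) }
        n { print > f }
    ' "$bundle"
    rc=0 prev_issuer="" count=0
    for f in "$tmp"/*.pem; do
        [ -e "$f" ] || break
        count=$((count + 1))
        subj=$(openssl x509 -in "$f" -noout -subject_hash) || { rc=2; break; }
        iss=$(openssl x509 -in "$f" -noout -issuer_hash) || { rc=2; break; }
        if [ "$subj" = "$iss" ]; then
            echo "cert $count ($subj): self-signed root in bundle" >&2
            rc=1
        fi
        if [ -n "$prev_issuer" ] && [ "$prev_issuer" != "$subj" ]; then
            echo "cert $count ($subj): previous cert expects issuer $prev_issuer" >&2
            rc=1
        fi
        prev_issuer=$iss
    done
    [ "$count" -gt 0 ] || rc=2
    rm -rf "$tmp"
    exit "$rc"
)

# Constructed sample input: throwaway root -> intermediate -> leaf chain in $1.
make_demo_chain() (
    cd "$1" || exit 2
    issue() { # issue <name> <signing CA name> <CN>
        openssl req -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
            -subj "/CN=$3" 2>/dev/null &&
        openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" \
            -CAcreateserial -out "$1.crt" -days 1 2>/dev/null
    }
    openssl req -x509 -newkey rsa:2048 -nodes -keyout root.key -out root.crt \
        -subj "/CN=Demo Root" -days 1 2>/dev/null &&
    issue int root "Demo Intermediate" &&
    issue leaf int "demo.example"
)
```

Matching hashes only shows that the subject and issuer names chain; signatures still need to be checked with openssl verify.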

    Development and testing

    Testing is done using Bats. To run the tests, run bats test.bats. Pre-commit is also configured for this repo.

    License

    This software is licensed under the MIT license (see the LICENSE.txt file).

    Author Information

    Nimrod Adar, contact me or visit my website. Patches are welcome via git send-email. The repository is located at: https://git.shore.co.il/explore/.